Overview
...
This KBA describes how to send encrypted logs to the CCE over TCP with TLS.
...
Server SSL Key Creation
The Seceon CCE server name must match the entry in your /home/seceon directory.
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout logserver.key -out logserver.crt
```
You’ll be prompted for the following info.
```
Country Name (2 letter code):US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:server FQDN or server_IP_address
Email Address[]:admin@your_domain.com
```
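Before pointing log senders at the CCE, it helps to confirm that the certificate's Common Name is the name or IP the senders connect to, that the certificate belongs to the key, and that it is not about to expire. The script below is an added example, not Seceon's own tooling: the function names and the `cce.example.internal` name are assumptions, while the file names and `openssl req` options follow the command above.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for a logserver.crt / logserver.key pair.
# Function names and cce.example.internal are assumptions, not Seceon tooling.

# Print the certificate's Common Name (the value typed at the CN prompt).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate was issued for this private key.
# Only the two public halves are compared; the private key is never printed.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run all checks; $3 is the name or IP that log senders use to reach the CCE.
check_logserver_cert() {
    local crt="$1" key="$2" expected="$3" rc=0
    [ "$(cert_cn "$crt")" = "$expected" ] ||
        { echo "CN is '$(cert_cn "$crt")', expected '$expected'"; rc=1; }
    cert_matches_key "$crt" "$key" ||
        { echo "certificate and key do not belong together"; rc=1; }
    cert_valid_for_days "$crt" 30 ||
        { echo "certificate expires within 30 days"; rc=1; }
    return $rc
}

# With three arguments, check that pair. With none, check a throwaway pair made
# with the page's openssl command plus -subj (constructed CN, temp directory).
if [ "$#" -eq 3 ]; then
    check_logserver_cert "$@"
else
    tmp=$(mktemp -d)
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=cce.example.internal" \
        -keyout "$tmp/logserver.key" -out "$tmp/logserver.crt" 2>/dev/null
    check_logserver_cert "$tmp/logserver.crt" "$tmp/logserver.key" \
        cce.example.internal && echo "all checks passed"
    rm -rf "$tmp"
fi
```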
Generating TCP/TLS Logs using syslog-ng:
Ref: https://www.logzilla.net/configuring-tls-tunnels-in-syslog-ng.html
...
If LTS is enabled, perform the above changes on the logs-manager container:
1. Go into the cce-logs-manager container
otmdoc -s cce-logs-manager
2. Update /docker/config/syslog_base_var.yml -> tcp_over_tls: True
vi docker/config/syslog_base_var.yml
3. Restart the cce-logs-manager container
otmdoc -r cce-logs-manager
To get the certificate, follow the process below:
a) cd syslog/config/
b) ls
You will see a .crt and a .key file, which you can copy to /home/seceon and retrieve from there.
...
Info: If TCP traffic is not being received at the CCE server (syslog server)
Verification:
STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 3: >> Inside SOURCE DEVICE IP, the IP will be shown.
...